Over 100,000 U.S. military emails have been misdirected to Mali this year due to a spelling mistake that sent emails to .ML instead of .MIL addresses. The emails contain sensitive information about personnel, travel plans, and financial records. While not classified, the data could provide intelligence value if exploited. Control of the .ML domain is transferring to the Malian government which has ties to Russia, raising concerns the misdirected emails could be used to their advantage. The Pentagon says it is aware of the issue and blocking emails from leaving the .MIL domain, but mistakes still happen.
Email encryption is kind of broken, but kind of in a good way: if you don’t have the recipient’s key, then you can’t send an encrypted email. Since there would be no reason for senders of sensitive info intended for .mil receivers, to have the key for an equivalent receiver at a .ml domain, the emails would just fail to send, stopping any leak before it happened.